Risk management matters the most when it is the most expensive and most difficult. But unless the regular steps of risk management have already become muscle memory, it is much less likely that you will even think to do your risk management when times get tough.

Enterprise risk management brings discipline to both the mitigation of individual risks and to aggregate risk management. ERM also promotes a disciplined commitment to a comprehensive approach to risk management.

Disciplined management of individual risks

Risk management has been a part of business practices for thousands of years. ERM is a new approach to risk management that, when taken to extremes, may noticeably increase the cost of doing business, and can take the attention of executives away from running their firms. But, there are four key reasons to adopt a version of ERM that fits your business; this post is about one of those four keys – Discipline.

Risk management is much like investing. Looking over the long term, a huge percentage of long-term gains come from being in the market for just a few days. The same is true for risk. The risk management benefits of limiting losses come in just a few quarters. Most of the time, risk management can be skipped without any harm being done. The harm comes when risk management is not already “on” when the lights go out.

But it does not help at all to know after the fact when those good days for investing happened. And when “everybody knows” that bad times are upon us, risk mitigation gets more expensive or even impossible. You will have a hard time buying insurance when the house next door is on fire, or when the hurricane is racing up the coast.

To obtain the gains from investing, most investors need to consistently be in the market. And to get the benefits of risk management, companies need to practice it all of the time. Discipline is how you acquire the muscle memory to conduct the continuous risk management so that it is in place and ready to respond when the bad times finally come.

Enterprise risk management brings the discipline to risk management by making explicit plans for managing risk and then following up, checking on the execution of those plans, and reporting the results of those checks. To some, this seems like lots and lots of needless redundancy, but they miss the point. Discipline makes risk management reliable instead of being another wild card in an uncertain world.


ERM always employs a risk control cycle. A good control cycle will enhance both the discipline and the transparency of risk management.

Traditional risk management (that is, pre-ERM risk management) is more ad hoc. Risk mitigation and control usually happen, but there is typically no explicit commitment to assuring that they take place.

Aggregate risk management

Enterprise risk management also adds a new layer of discipline to risk management as it addresses the level of aggregate risk. The formation of a risk appetite and tolerance statement for a company itself imposes discipline on a conversation that previously, if it was addressed at all, was discussed in vague terms.

ERM encourages insurers to clearly state their approach to risk as well as the amount and types of risks that they will accept. Clear and coherent communication is an often-underappreciated discipline that is much more difficult than it appears. ERM provides a script and outline that makes it easier to speak clearly about risk and risk management.

True discipline for aggregate risk management involves actually enforcing a control process for aggregate risk that is similar to the process for individual risks. This may involve management setting both:

  • a risk capital base (or limit), below which the risk managers do not want the company to fall under most circumstances, as well as
  • a risk capital target, which is where they expect the relationship between aggregate risk and total actual surplus to end up.

Discipline involves not only setting these goals and limits, but also monitoring activities to track progress compared to said goals and limits.

It also requires making mid-course corrections when they are needed. In the rare situations where surplus is much closer to the limit than to the target, that means making the hard decisions about the serious changes the company must make to its plans.


In professional sports, all of the teams have plenty of very talented athletes. Invariably, the teams that make it to the finals are the teams that are able to consistently execute – the teams who have practiced the most common plays as well as the unusual plays, over and over. The teams where every player knows where the other players will be and what they will be doing in most circumstances. The teams who have the most discipline. Those teams may or may not win – there are lots of game-day situational effects as well – but they usually get the chance to compete for the championship.

Discipline is also needed to address the comprehensiveness of risk management. Enterprise risk management includes the discipline of a commitment to addressing all of the significant risks of the firm.

ERM always starts with a risk identification and prioritization step, so that while all risks are considered, time and resources are used wisely by focusing only on the most significant risks.

Traditional risk management is also more ad hoc about which risks are addressed. People are not necessarily even asked whether they are paying attention to all of their risks. Sometimes the only risks that are addressed are the risks that the company is used to dealing with, or the risks that have most recently affected the firm; at other times it might be that only the risks that are convenient and easy to manage are addressed.

ERM brings a belt-and-suspenders approach to risk identification with the emerging risks identification process. Not only is there an explicit effort to identify all current risks, but with emerging risks management there is also a periodic effort to identify and prepare for future risks.


Transparency helps to enforce and encourage discipline. Because of transparency, everyone will know if risk management stops or if there is a failure to keep risk exposures within their established risk limits. And actual transparency is even better than guilt at keeping people committed to risk management, because transparency works even on those who are able to overcome their guilt in pursuit of riches.

Discipline is what makes risk management pay off. Without discipline, it is most likely that a company will incur the cost of performing risk management when times are good and losses from risks are light, but fail to consistently apply risk mitigations when risk is high and losses are large.

Discipline is key to ERM.

